Judge OKs FBI Keyboard Sniffing

Share

Judge OKs FBI Keyboard Sniffing

WASHINGTON – The Justice Department can legally use a controversial electronic surveillance technique in its prosecution of an alleged mobster.

In the first case of its kind, a federal judge in Newark, New Jersey has ruled that evidence surreptitiously gathered by the FBI about Nicodemo S. Scarfo's reputed loan shark operation can be presented in a trial later this year.

U.S. District Judge Nicholas Politan said last week that it was perfectly acceptable for FBI agents armed with a court order to sneak into Scarfo's office, plant a keystroke sniffer in his PC and monitor its output.

Scarfo had been using Pretty Good Privacy (PGP) encryption software to encode confidential business data – and frustrate the government's attempts to monitor him.

Politan flatly rejected the defense argument that the FBI violated both wiretap law and the Fourth Amendment, saying that the FBI's black bag jobs "suffer from no constitutional infirmity."

"Each day, advanced computer technologies and the increased accessibility to the Internet means criminal behavior is becoming more sophisticated and complex.... As a result of this surge in so-called 'cyber crime,' law enforcement's ability to vigorously pursue such rogues cannot be hindered where all constitutional limitations are scrupulously observed," Politan said.

Scarfo's lawyer said he was "very disappointed" but he could see no way to appeal Politan's decision before the trial takes place. "If we should be convicted, it'll come up on appeal," said Norris Gelman, a Philadelphia attorney representing Scarfo.

Privacy scholars who fear that Politan's ruling will dramatically expand the government's ability to spy on Americans have closely watched the case. If Politan's decision is upheld on appeal, it will grant police broad powers to circumvent privacy-protecting encryption products.

"The decision is disappointing, particularly in light of the fact that the full details of the keystroke logger were not disclosed to the defense," said David Sobel, general counsel for the Electronic Privacy Information Center. "It's an important issue that is likely to form the basis of an appeal should Scarfo be convicted."

For its part, the FBI seems to want to avoid the physical breaking-and-entering that's required to implant a keystroke logger in a suspect's computer. Late last year, news leaked about an FBI project code-named "Magic Lantern" that would install surveillance software remotely using well-known backdoors in browsers, e-mail clients and operating systems.

Ronald Wigler, the assistant U.S. Attorney responsible for the case, said: "There has not been another case of its kind to date that has utilized these methods in conjunction with the way in which we obtained authorization to use these tools."

"(The court decision) doesn't necessarily surprise us because we've been saying all along we never violated his Fourth Amendment rights. We've been saying all along we've never captured any electronic communications that would require us to seek a wiretap order," Wigler said.

The court order from the federal magistrate judge stated that the FBI could "install and leave behind software, firmware, and/or hardware equipment, which will monitor the inputted data entered on Nicodemo S. Scarfo's computer in the target location so that the FBI can capture the password necessary to decrypt computer files by recording the key related information as they are entered."

Defense attorneys had said that the PGP pass-phrase snatching was akin to a telephone wiretap and pointed out that the FBI never obtained a wiretap order. Scarfo's lawyers also claimed the FBI was conducting a general search of the sort loathed by the colonists at the time of the American Revolution and thereafter outlawed by the Fourth Amendment's prohibition of "unreasonable" searches.

Complicating the case is the government's unwillingness to release details on how the keystroke-capturing system works. The government calls the key-logger "a sensitive law enforcement" mechanism that's classified – and that its details, like the secret locations of bugs and surveillance devices, may be kept from defendants.

Last fall, the Justice Department invoked the Classified Information Procedures Act (CIPA), which allows prosecutors to brief the judge in a secret session from which defense attorneys and the defendant are excluded. That ex parte hearing took place on Sept. 26.

"Pursuant to CIPA's regulations, the United States presented the Court with detailed and top-secret, classified information regarding the (keystroke logger), including how it operates in connection with a modem. The government also demonstrated to the Court how the (keystroke logger) affects national security," Politan said in his decision.

Defense attorneys received only an "unclassified summary statement" with general information about the key-logging system.